August 9, 2005
MS Exchange 2003 - Day 2
Today kicked off with the inevitable subject of: Securing your Exchange server. This one made me smile! It sounds like MS has gone to significant lengths to try to leave behind its leaky past. They now encourage you to utilise a mishmash of services to ensure your OS is patched, your Exchange is patched (Baseline security analyser was the tool of choice for this trainer) and you have some form of antivirus scanning running on each mailbox server. I will be looking to draw upon additional resources within our organisation to make these steps happen. Quite a change from the Domino model.
We also covered what anti-spam options there were. As we receive great service from MessageLabs, this is an area that does not concern me too much.
After two days of using the MMC style management tools, one question lies heavily on me. Why can't I click on an item in the left pane and have the details pane to the right show a summary of the options currently enabled/selected for the highlighted option? It seems such a waste of space, and you have to right-click on everything and select Properties to do anything. Now that is a pain!
It is also a bit of a pain having to flick back and forth between AD User Manager and the Exchange System Manager - it would be nicer if this was all integrated into one.
Point to note - Whenever you create a mail-enabled group, the default is to allow anyone to be able to send email to the group, even from the Internet. Currently, we use LDAP to query whether an address is authorised for email delivery, before accepting it into Domino. This was accomplished by extending the LDAP schema, and creating a custom attribute to control email address validity. If we take away the LDAP query piece, we will have to ensure that all groups are accessible to authenticated users only! There has to be a way to make this the default - the trainer did not think so.
A really nice feature is the dynamic mailing groups. Simply put, you define an LDAP filter to describe what the recipient list should look like (All users in Philadelphia for example). Whenever a user sends an email addressed to the Philadelphia users group, the LDAP query runs, and dynamically builds the recipients list based on the location attribute in AD, and then the email gets delivered. I have always felt that, at a minimum, you should have been able to send emails in Notes to at least an OU branch (*/PHILA/FMC).
We glossed over some of the client connection options next, and discussed RPC over HTTP. The concept sounds good, but most in the room wondered whether it was ready for prime time yet, due to a very high level of interdependencies required to implement. This feature will likely get used more by the virtue of attrition than careful planning!
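An added example, not part of the original post: a Python check over an LDIF export of AD group objects that lists the mail-enabled groups still open to unauthenticated senders. It assumes the "authenticated users only" restriction is stored in the msExchRequireAuthToSendTo attribute; the sample entries and the function names are constructed for illustration.

```python
import base64

# Constructed sample in the LDIF layout an AD export produces; names are made up.
SAMPLE_LDIF = """\
dn: CN=Philadelphia Users,OU=Groups,DC=example,DC=com
objectClass: group
mail: phila-users@example.com
msExchRequireAuthToSendTo: TRUE

dn: CN=All Staff,OU=Groups,
 DC=example,DC=com
objectClass: group
mail: all-staff@example.com

dn: CN=Helpdesk Operators,OU=Groups,DC=example,DC=com
objectClass: group

dn:: Q049U2FsZXMsT1U9R3JvdXBzLERDPWV4YW1wbGUsREM9Y29t
objectClass: msExchDynamicDistributionList
mail: sales@example.com
msExchRequireAuthToSendTo: FALSE
"""

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute name -> list of values."""
    # Normalise CRLF, then unfold: a newline followed by one space continues a line.
    lines = text.replace("\r\n", "\n").replace("\n ", "").split("\n")
    entry = {}
    for line in lines + [""]:
        if not line.strip():
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(name.lower(), []).append(value.strip())

def open_groups(text):
    """Return (dn, mail) for mail-enabled groups that accept unauthenticated senders."""
    flagged = []
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        listed = classes & {"group", "msexchdynamicdistributionlist"}
        # Assumption: an unset attribute means no restriction, the default the post describes.
        auth = e.get("msexchrequireauthtosendto", ["FALSE"])[0].upper()
        if listed and "mail" in e and auth != "TRUE":
            flagged.append((e["dn"][0], e["mail"][0]))
    return flagged
```

Groups without a mail attribute are skipped because they cannot receive mail; everything returned is a group that needs the restriction set by hand.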
The ability to delegate administrative rights looks nice - let's just hope it works in practice. It can't be any worse than trying to implement it in Domino!
We then moved on to the chores of creating mailboxes, deleting mailboxes and moving mailboxes. These all seemed straightforward, as you would imagine. Curious to see how moving a large mailbox will work in reality. It appeared to be a foreground process for the Exchange System Manager tool, rather than something that runs in the background on the servers. More testing will tell on that one.
Posted by Simon Barratt at 06:00:00 PM
